Cyber-Attacks Current Affairs

Enter Your Email Address To Subscribe Current Affairs Daily Digest, Daily Quiz and other updates on Current Affairs:

Banks to bear liability in case of online security breach: RBI

The Reserve Bank of India (RBI) has clarified that banks will have to bear the full liability in the event of any security breach or compromise in the authorised card network.

Banks issuing the cards will offer the ‘payment authentication solutions’ of the respective card networks on an optional basis to their customers.

RBI held that

  • Only authorised card networks will offer such payment authentication solutions with participation of card issuing and acquiring banks.
  • For this purpose customer’s consent must be taken while making this solution available to them.
  • Customers opting for this facility will go through a one-time registration process. They are required to enter card details and additional factor authentication by issuing bank.
  • Thereafter, registered customers will not be required to re-enter card details for every transaction at merchant locations that offer this solution, thus save time and effort.
  • The card details already registered will be the first factor while the credentials used to login to the solution would be the additional factor of authentication.

Besides, RBI also has relaxed additional factor authentication (AFA) norms for online transactions up to Rs. 2,000. This decision was taken in a move to save time for customers amid the government’s push for digitization of payments.

Tags:

CERT-In warns micro-ATMs against malware attacks

The premier cyber security agency CERT-In has cautioned bankers, customers and traders against skimming and malware attacks on micro ATMs and Point of Sale (POS) terminals.

The move comes as usage of POS and micro-ATMs counters have witnessed a sharp surge post demonetisation. It has asked to adopt high-end encryption to plug possible breaches.

In this regard, CERT-In has issued two specific advisories for micro-Automated Teller Machines and POS terminals.

What are potential threats?
  • Skimming: It is the theft of classified credit/debit card data. Using this method, a hacker (thief) can obtain the victim’s card number using a small electronic device near the card acceptance slot and store hundreds of card details at a time.
  • Social engineering attack: It can be engineered at these banking and POS facilities, by gaining trust of the card owner as the fraudster poses as a member of staff.
What the CERT-In advisory says?
  • Micro-ATMs security features must be strong and updated in order to check attempts by hackers who stealthily plan to steal private customer and bank data.
  • Point to Point Encryption (P2PE) should be used to minimise this risk as it will encrypt the card data and keep it encrypted to the maximum extent throughout its life.
  • Banks and micro ATM operators must use some counter-measures to thwart cyberattacks.
  • Micro ATM must not transmit any confidential data unencrypted on the network. It must automatically log out the operator and lock itself after a period of inactivity.
  • Operators must keep all micro ATM software, application, anti-virus regularly updated and educate the customer about basic functionalities and security best practises.
  • Customers must render due diligence of securing their PIN and not sharing vital details with strangers.

Micro ATM: It work with minimal power and connect to central banking servers through a GPRS network. It enables the un-banked rural population to access banking services in their villages or towns. It offers facilities of deposit, withdrawal, balance enquiry, issuance of mini-statement and funds transfer.

CERT-In (Indian Computer Emergency Response Team): It is the nodal agency that deals with cyber security threats like hacking and phishing. It is government organisation under Union Ministry of Electronics and Information Technology. It aims to strengthen security-related defence of the Indian Internet domain.

Tags:

US Senate passes Cyber Security Legislation

US Senate has passed Cyber Security Legislation to facilitating sharing of cyber-attack threats. It was passed by 74 votes in favour of it and 21 votes against it.

The passage of legislation is being considered a critical step to address cyber threats and ensure tools are in place in to deter future cyber-attacks.

Key facts

  • The bill reconciles with the earlier-passed House Cyber Security Bill.
  • Seeks to help in preventing future cyber-attacks by facilitating a common awareness in the cyber realm.
  • Encourages private companies to voluntarily share information related to cyber threat with the government and one another.
  • Provides private companies immunity for sharing the information from lawsuits by consumers and shareholders.

Background

  • United States Government was under pressure to act in the wake of recent high-profile cyber-attacks against multiples private companies including Sony Pictures and others.
  • The passage of legislation comes just after US Congress had voted to rein in the powers of the National Security Agency (NSA) following revelations of vast surveillance programmes in leaked documents by former intelligence contractor Edward Snowden.

Tags:

Advertisement